Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.
Blogs that do not fit into any other of our specified categories.

Lessons to be learnt from RBS debacle?

The recent debacle/fiasco around the RBS banking group has attracted much interest, with various comments made about whether it was preventable and the possible causes.

There have been many suggested causes such as whether this was an ‘accident waiting to happen’, or whether RBS should have retained IT support in-house rather than out-sourcing, a lot of which were by parties with their own self supporting agendas

One thing that did catch our eye was the article that RBS is set to sue the supplier for the problem.  Somehow it would turn our very ironic is the suppliers were insured for liability insurance (which all reputable suppliers are) though an RBS subsidiary.  That really would be something of an own goal, and for a group that is majority owned by the UK tax payer, must raise some interesting questions.

  1996
  0

Thoughts on the EU data protection regulation and Joomla

In January 2012, the European Commission announced two important pieces of legislation affecting the personal data of EU citizens: the EU data protection directive and the EU data protection regulation.  Of the two, the data protection regulation will have the greater effect on most businesses that collect, hold or share data within the EU. 

Continue reading
  4185
  0

The Tor Project

Mentioned the Tor Project in a recent post so decided to expand a little upon the topic. 

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

It is a browser that exists on your machine, but is not installed as such, so can be placed on a USB key and used as a remote app.  Its’ purpose is to anonymise your web communications by bouncing then around a distributed network of relays all around the world:  it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Useful for accessing sites that may be blocked by you ISP for what ever reason.

  1998
  0

HTTPS Everywhere a browser add-in



Came across this some time ago but now seems an appropriate time to mention it, especially with the on-going ‘mania’ with web security.

HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure.  It is with a one-click installation,which can  seriously increase your security on over 1,400 web sites by encrypting your connection.

Many sites, like Gmail (and Facebook, with caveats) have options that let you browse with HTTPS always turned on, but the HTTPS Everywhere extension makes this simpler.  Instead of turning it on for individual sites, HTTPS Everywhere will automatically routes all your data through a secure connection on any of its 1,400 supported web sites, keeping your information safe and away from prying eyes—in short, it's an extension everyone should have installed.

Essentially a win win situation.  Unfortunately not available for IE, Safari and other browsers except Firefox and Chrome.   

  2444
  0

Three Strokes and you are out

I have previously written about Spam entries on the web site and their elimination, but now I turn to 'Invalid Login attempts'.

I have been watching these with interest for a few weeks, and it is particularly interesting to see where they originate from.

Like the Spam entries a lot of these seem to originate from the Far East.  I am currently adopting a policy of immediately blocking 'Administrator Login attempts'.  No quarter given, I can think of no valid reasons why they should be tried by anyone other than those authorised to do so.

Turning to normal login attempts I have a policy of seeing how many different user names are tried from a specific IP address.  Once they have tried 3 different ones I immediately block them.  I must admit I am building up quite a long list.  Perhaps I should generate a graphical display of the souces, it could be quite interesting to see, and watch how it changes over time.

Given a single host country as being the source of a lot of these attempts, one could always block all the IP addresses assigned to that specific country but it does seem like 'using a sledge hammer to crack a nut' approach.  Possibly I will come round to that approach eventually.

The one single thing that I have not yet investigated is how accurate the IP address actually is.  Programs such as 'tor' generate anonymity of the IP address so do we actually know where they come from at all?  If its' use became widespread blocking of IP's might be a little bit of a waste of time anyway!

 

  1704
  0

LinkedIn Password Check to see if it was compromised

I see that Mashable has announced that LastPass has released a tool to allow users to check if their password was one of those compromised in the recent hack incident.

Being very cynical I wonder why anyone would want to use a tool such as this, since it seem much more sensible to just assume the password has been compromised and change it straight away.

The article suggests, and I tend to agree that the use of a ‘password management tool’ might also be a good idea.  I personally use one to keep track of all the passwords that I use on all the sites I visit.  That way I can use a different (automatically generated) password on each site, and all I have to do is remember the password to get into the password manager, so that I can copy and paste the appropriate password when I need it.  Of course LastPass has released this ‘tool’ to promote sales of its own product, which is very understandable but also is very opportunistic.

I would suggest that rather than use such a tool that LinkedIn user just change this password whether it is compromised or not.  The old saying being ‘Better safe than sorry!’.

  2248
  0

Blogging problem using WLW (Windows Live Writer)

Just found a small problem when using Windows Live Writer (WLW) as a blogging tool.

The situation is that for network reasons when WLW attempted to get hold of the blog entry on the server it failed yet still displayed the article.

Then when the article was changed and published it overwrote the original post, even though the title and most of the text had changed.   Never seen it do that before but will need to watch it very closely from now on in.

Now all I have to do is get back the original post from the backup.  - Never mind.

Seems it doesn't like it when you change destinations either for an entry, as it assumes that it is a new rather  than an edited old entry.

Tags:
  1930
  0

LinkedIn password follow-up

Since my previous post  there have been additional reports of hacking into Last.fm and also Dating website e-Harmony (a US-based relationship site) has admitted that a "small fraction" of its users' passwords have been leaked.

Whilst the majority of our readers will not be so interested in the latter, there does seem to be a current spate of web site hacks around.

LinkedIn has said on its blog that it had reset the passwords of the affected users, who would receive an email with instructions on how to set new passwords.


What to do


Security experts have advised users to change their passwords on LinkedIn even if they were changed yesterday. Here's how:

 

  1. Visit www.linkedin.com, and log-in with your details
  2. Once logged-in, hover over your name in the top right-hand corner of the screen, and select 'Settings' from the menu
  3. You may be asked to log-in again at this point
  4. On the next screen, click the 'Account' button which is near the bottom of the page
  5. Under the 'Email & Password' heading, you will find a link to change your password

If you use the same password on other sites, be sure to change those too.

  2060
  0

LinkedIn Users note!

I have been watching the unfolding news that details of LinkedIn users and their passwords have been leaked out into the wider web.  The most recent story is here.

I don't (currently) have a link to LinkedIn on my site although I do have an account, and have done for many years.  It seems sensible to at the very least to change your LinkedIn account password ASAP, and check that your information has not been changed, which as least one report I have seen has suggested.

  2444
  0

Macrotone Web Site Cookies

Cookies Overview

Cookies are small text files that are placed on your computer by websites that you visit.   They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

The table below explains the cookies we use and why.  View our Privacy Policy to learn more about cookies.

First Party Cookies

Cookie Name Purpose More info
Google Analytics __utma
__utmb
__utmc
__utmz
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Disallowing the use of these cookies prevents us from accurately analysing visitor numbers and visitors trends.
Click here for more information on Google Analytics and the Cookies it uses.
Macrotone Consulting Web site bb2_screener_

This cookie is used by Bad Behavior  to ensure the security of the site and each visitor’s session.

This cookie is believed to be exempt from the regulation because it is a site security cookie meant to help comply with the seventh data protection principle.

 
 

‘encrypted name’

Encrypted session cookie used by the web site to track the visitor.  Both the name and the value are encrypted.

Expires at the end of the session.

The session cookie name is an MD5 hash of logged in username (if logged in),  ip address, and some other info. 
The names and values are to all extents meaningless. 
In addition to the session cookie, if you have set the "remember me" flag there is also a remember me cookie saved with an encrypted version of your username and password.

  cookieAcceptanceCookie Indicates acceptance of Cookies policy.  Created when visitor has accepted cookie policy.

 

Third Party Cookies

Cookie Name Purpose More info
Twitter 'Tweet' button unique id pid This cookie is set by twitter.com to save a unique anonymous id for each website visitor.
Only present if Twitter is used on the site.

Please visit twitter.com to find out more. To delete this cookie you must manually delete this via your web browser settings.

  2179
  0
Go To Top

The Macrotone Consulting Web site would like to use cookies to store information on your computer, to improve our website. Cookies used for the essential operation of the site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.

I accept cookies from this site.